CVE-2009-0184

Free Download Manager <3.0.844 - RCE

Title source: llm

Description

Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16634

exploitdb WORKING POC VERIFIED
by Carsten Eiram · text · local · windows
https://www.exploit-db.com/exploits/10009

metasploit WORKING POC GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/fdm_torrent.rb

Scores

EPSS 0.6569
EPSS Percentile 98.5%

Details

CWE CWE-119
Status published
Products (2)
free_download_manager/free_download_manager 2.5
free_download_manager/free_download_manager 3.0
Published Feb 03, 2009
Tracked Since Feb 18, 2026